The McAfee FreeScan CoMcFreeScan browser object is prone to a remote buffer overflow vulnerability. The issue occurs due to a lack of sufficient boundary checks performed on data assigned to the object variable 'ScanParam'. An attacker can exploit this vulnerability by crafting a malicious website that, when viewed, would result in arbitrary code execution in the context of the user running the browser with an affected browser object installed.
The Symantec Virus Detection Symantec.SymVAFileQuery.1 COM object is prone to a denial of service vulnerability. When the object is invoked with excessive data, the browser will crash. Successful exploitation would immediately produce a denial of service condition in the affected browser. Although initially reported as a buffer overflow, this issue does not appear to present any threat of remote code execution. It should be noted that the vulnerable object may not be invoked from scripts outside of the Symantec domain; however, vulnerabilities that permit malicious content to be executed in the context of the domain (such as HTML injection or cross-site scripting vulnerabilities, as well as web browser security model issues) may still permit exploitation of this issue.
Panda ActiveScan is prone to a denial of service vulnerability that may cause an instance of Internet Explorer to crash. The issue occurs when the 'SetSitesFile' function is called in combination with setting the 'InstallEngineCtl' object.
The Blaxxun Contact 3D browser object for Internet Explorer is prone to a buffer overflow vulnerability. The issue is due to a lack of sufficient boundary checks performed on data assigned to a browser object variable. An attacker can exploit this vulnerability to seize control of the execution flow of the affected browser object and direct it into an attacker-supplied payload.
Adobe Photoshop is prone to a denial of service vulnerability that may crash an instance of Internet Explorer. An attacker can exploit this issue by creating a script that attempts to create a COM object and enticing a user to execute the script in their browser. When the user executes the script via Internet Explorer, the Internet Explorer window hangs, leading to a denial of service in the browser.
FTGate is prone to a server path disclosure vulnerability. This issue is due to an ill-conceived error message that includes the server path. This issue may be leveraged to gain sensitive information about the affected system, potentially aiding an attacker in mounting further attacks.
FTGate is prone to multiple remote input validation vulnerabilities, including a cross-site scripting issue and an HTML injection vulnerability. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied input before using it in dynamic web content. The cross-site scripting issue allows a remote attacker to create a malicious link that includes hostile HTML and script code, which can be executed in the victim's web browser. This can lead to theft of cookie-based authentication credentials and other attacks. The HTML injection vulnerability allows an attacker to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and sensitive information.
The vulnerability exists in the 'LoadMovie' function of Macromedia Flash Player for Internet Explorer. By calling the function and loading a Flash movie into a non-zero level, an attacker can cause an instance of Internet Explorer to crash.
The 'MSWebDVD' Object in Internet Explorer is prone to a denial of service vulnerability that allows remote attackers to crash the browser. By sending an excessive string value (about 255 characters) through a malicious site, an attacker can cause a denial of service condition in Internet Explorer.
Certain areas within the BackWeb interface permit arbitrary programs to be invoked with LOCAL SYSTEM privileges.